modifying the protocol or changing its stateless nature.

SERVER FOR EITHER ANONYMOUS OR PRE-AUTHORIZED USERS TO ORDER
GOODS OR SERVICES ON THE WORLD-WIDE WEB COMPUTER NETWORK

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of co-pending application
Ser. No. 08/432,610 and claims an effective filing date of
May 1, 1995. Appendix A describing the HTTP protocol and
Appendix B describing the HTML language have both been
deleted. These topics are now well known in the art and
Appendix A and Appendix B did not teach anything not already
widely available. The title and abstract have been changed to
reflect the invention claimed in this application and line
numbers have been added. Except for these changes and the
claims, nothing else has been added or changed.

This application is also related to application Ser. No.
08/796,029, now U.S. Pat. No. 5,784,565.

BACKGROUND

1. Field of Invention

This invention relates to performing transactions over a
computer network. More particularly, it relates to performing
retail client/server transactions on the internet using the
Hypertext Transfer Protocol (HTTP).

2. Background — Description of Prior Art

For fifty years, people have dreamed of the concept of a
universal information database, data that would not only be
accessible to people around the world, but information that
would link easily to other pieces of information so that only
the most important data would be found by a user. Only now
has technology caught up with these dreams, making it
possible to implement them on a global scale. This global
system is called the World-Wide Web or WWW.

The WWW began in March 1989, when Tim Berners-Lee of CERN
(a collective of European high-energy physics researchers)
proposed the project to be used as a means of transporting
research and ideas effectively throughout the organization.

Months after CERN's original proposal, the National Center
for Supercomputing Applications (NCSA) began a project to
create an interface to the World-Wide Web. One of NCSA's
missions is to aid the scientific research community by
producing widely available, non-commercial software. The
NCSA's Software Design Group began work on a versatile,
multi-platform interface to the World-Wide Web and called it
Mosaic.

The use of Mosaic during the second half of 1993 and 1994 has
been growing rapidly. There are now millions of copies
distributed on computers all over the world.

The Web works under the popular client-server model. A web
server is a program running on a computer whose only purpose
is to serve documents to other computers when asked to. A Web
client is a program that interfaces with the user and
requests documents from a server as the user asks for them.
Here is an example of how the process works:

1. Running a Web client (also called a browser), the user
selects a piece of hypertext connected to another text, say
"Manual of Patent Examining Procedures."

2. The Web client connects to a computer specified by a
network address somewhere on the Internet (say,
www.uspto.gov) and asks that computer's Web server for the
"Manual of Patent Examining Procedures."

3. The server responds by sending text and any other media
within that text (pictures, sounds, or movies) to the user's
screen. In our example, the server might provide an index to
the MPEP which contains links to other documents.

The language that Web clients and servers use to communicate
[illegible] HyperText Transmission Protocol (HTTP). All Web
clients and servers must be able to speak HTTP in order to
send and receive hypermedia documents. For this reason, Web
servers are often called HTTP servers.

The phrase "World-Wide Web" is often used to refer to the
collective network of servers speaking HTTP as well as the
global body of information available using the protocol.

The standard language the Web uses for creating and
recognizing hypermedia documents is the HyperText Markup
Language (HTML).

A good book on the World-Wide Web is "The World-Wide Web
Unleashed" by John December. While "The World-Wide Web
Unleashed" provides a good background for understanding the
current invention, it was published after the invention was
made and should not be considered prior art.

One of the major disadvantages of the HTTP protocol is that
it is stateless. A request is sent from the client to the
server and the server completes the entire request at once
and sends a single reply message ending the transaction. It
is not possible to carry on a dialog using the HTTP protocol
because there is no history of previous transactions.

[illegible] attempts to build state information into
transactions, James E. Pitkow and Margaret M. Recker describe
using the hidden attribute of the TYPE field in forms. (See
"Using the Web as a Survey Tool: Results for the Second WWW
User Survey" to be published in [illegible] Conference Report
for details.) Pitkow and Recker's scheme is restricted to
HTML forms and [illegible] pages. Also, the forms must be
[illegible] on-the-fly imposing a great deal of overhead
compared to documents which can merely be read from a
[illegible]

[illegible] encodes the user identification into the URL used
to access the data. This scheme has several [illegible]
performance. Second, the user cannot save [illegible]
information in the URL.

Most people attempting to sell products using the World-Wide
Web put up with the limitations of HTTP and require the user
to enter her name, address, and credit card number
[illegible] the customer to print the screen and FAX it to
the store.

OBJECTS AND ADVANTAGES

One object of the current invention is to allow the user to
[illegible] identified by a username and password. The user
enters his full name, address, and method of payment when he
creates his profile and he never has to enter it again.

Another object of the current invention is to allow the user
[illegible] username and password and the start of a session
[illegible] not have to repeatedly supply his username and
password.

Another object of the current invention is to allow the user
to shop without using a profile and enter her name, address
and method of payment for each transaction, just like the
prior art. The shopper is allowed to create a profile but she
is not forced to create one.

BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 A Web page with hyper-links. 

SUMMARY 

The current invention extends the capabilities of the HTTP
protocol to allow a user to identify himself and create a
session; he can then conduct transactions during that session
without identifying himself again. He can select items to be
purchased and add them to his order. All of the parts of the
order are linked together and the order may be processed
after the end of the session.

The current invention takes advantage of the protection 
mechanism of the http protocol in a way never envisioned by 
the authors of the protection mechanism. 

The protection mechanism is designed so that selected 
web pages may be accessed only by people who know the 
password. In that way, a web server can have public pages 
and private pages. 

The protection mechanism also allows an entire UNIX
directory tree to be protected. For example, /known may be
a protected directory and all of the files in the directory
(including other directories) are all protected. If the user had
to enter his username and password every time he wanted to
access a protected page, there would be a large burden on the
user. Most browsers, therefore, remember the username and
password for a given directory. So, if /known was accessible
using the username of dlewine and the password of
bigbooks, the browser would remember the username &
password for /known and each time the user attempts to
access a file (web page) in the /known directory, the browser
sends the username and password to the web server.

The present invention uses the protection mechanism to 
trick the browser into sending the username and password 
on every access. Thus, without making any modifications to 
the millions of browsers in the world, the web server using 
this invention is able to know exactly who is accessing each 
web page. 

Once the server knows the username and password it is
able to look up the user's real name, shipping address, credit
card numbers and other information.
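
The exchange the Summary describes, seen from the server side, as an added example that is not code from the patent: it decodes the Authorization header a browser sends on each request under /known and looks the pair up in a profile table. The function names, the profile's name and address, and the plaintext comparison are assumptions made for illustration; the username and password are the pair used above.

```c
#include <string.h>

/* Constructed profile record; username and password are the page's example. */
struct profile { const char *user, *pass, *name, *address; };
static const struct profile profiles[] = {
    { "dlewine", "bigbooks", "Sample Customer", "1 Example Street" },
};

/* Map one base64 character to its 6-bit value, or -1 if it is not one. */
static int b64val(char c)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Decode base64 text into out (NUL-terminated). Returns length or -1. */
static int b64decode(const char *in, char *out, size_t cap)
{
    unsigned acc = 0;
    int bits = 0;
    size_t n = 0;
    for (; *in && *in != '='; in++) {
        int v = b64val(*in);
        if (v < 0 || n + 1 >= cap) return -1;
        acc = (acc << 6) | (unsigned)v;
        bits += 6;
        if (bits >= 8) { bits -= 8; out[n++] = (char)((acc >> bits) & 0xff); }
    }
    out[n] = '\0';
    return (int)n;
}

/* Server side of the exchange: returns the HTTP status for a GET of path
   and sets *who to the matching profile when the user is known. */
int handle_request(const char *path, const char *authorization,
                   const struct profile **who)
{
    char cred[256], *colon;
    size_t i;
    *who = NULL;
    if (strncmp(path, "/known/", 7) != 0) return 200;  /* /store is public */
    if (!authorization || strncmp(authorization, "Basic ", 6) != 0) return 401;
    if (b64decode(authorization + 6, cred, sizeof cred) < 0) return 401;
    if ((colon = strchr(cred, ':')) == NULL) return 401;
    *colon = '\0';                       /* cred = user, colon + 1 = password */
    for (i = 0; i < sizeof profiles / sizeof profiles[0]; i++)
        if (!strcmp(cred, profiles[i].user) && !strcmp(colon + 1, profiles[i].pass)) {
            *who = &profiles[i];
            return 200;
        }
    return 401;
}
```

The Basic scheme only base64-encodes the pair, so every request under /known carries the password in a form anyone who can read the request can recover.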
PREFERRED EMBODIMENT — DESCRIPTION

In the preferred embodiment, there are two parallel web
hierarchies. One is called /store and the other is called
/known.

The user first accesses the store by using the URL
http://intertain.com/store/welcome.html. In the welcome.html
file is the following hyperlink:

    <H3>Do you have an intertain.com profile?
    <A HREF="/known/welcome.html">YES</A>
    or
    <A HREF="/store/no.html">NO</A></H3>

If the user clicks NO he gets the following html code:

    <HTML>
    <HEAD>
    <TITLE> Access the internet bookstore </TITLE>
    </HEAD>
    <BODY>
    <IMG SRC="/store/icons/BlueMarbleLine.gif" ALT=" ">
    <H1>Welcome to intertain.com</H1>
    <IMG SRC="/store/icons/BlueMarbleLine.gif" ALT=" ">
    <P><IMG SRC="/store/icons/Warning.gif" ALT=" ">
    <B>Before you choose a book</B>, we need to
    know where to send it and how you'd like to
    pay for it. Feel free to look around without
    setting up a profile.</P>
    <P>
    <A HREF="/store/search.html"><IMG SRC="/store/icons/books.gif"
    ALT=" ">
    Search for books by author and title
    without using a profile</A>.
    Profiles are our way of avoiding asking you to identify
    yourself each time you choose to buy a book. If you'd
    prefer not to fill out a profile, you are welcome to
    buy as many books as you'd like, identifying
    yourself each time.</P>
    <P>
    <A HREF="/store/new-acct.html"><IMG SRC="/store/icons/face.gif"
    ALT=" ">
    Create my intertain.com profile</A>
    so that I only need to enter the information once.</P>
    </BODY>
    </HTML>

This code produces the image shown in FIG. 1. There are
several little pictures (icons) 101, 102, 103 which make the
screen more interesting. There are two hyperlinks. The first
link 110 allows the user to operate without a profile. It links
to the /store directory which is not protected. The second
link 120 lets the user create a profile.

If the user clicks on YES she is linked over to the
/known/welcome.html file. That page is protected and the server
sends back a code 401 ACCESS DENIED message. The
user is then asked for a username/password pair. If she
supplies the correct pair, access is allowed and her browser
remembers her username and password for future access to
the server.

It is important that once the user is "known" all hyperlinks
refer the user back to the /known directory tree. For static
web pages, it is simple to maintain a parallel set of files: one
in the /store directory tree and one in the /known directory
tree. Once the user identifies himself and links over to the
/known tree, he is never linked back to the /store tree. Much
HTML code is generated on the fly. This code must determine
if the user is logged in and set up the correct hyperlinks.

An example of C code to perform this function is given
below:

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    void end_html(void)
    {
        const char *where = "store";  /* Hyperlink to this directory */
        int login = 0;                /* 1 if "known" - 0 if not */
        char *cl;                     /* Character pointer */
        char username[256];

        cl = getenv("AUTH_TYPE");
        if (cl)
            login = !(strcmp(cl, "Basic"));
        if (login)
        {
            cl = getenv("REMOTE_USER");
            if (cl)
                /* Bounded copy: REMOTE_USER may exceed the buffer */
                snprintf(username, sizeof username, "%s", cl);
            else
                login = 0;
        }
        if (login) where = "known";
        printf("<P></P>\n");
        printf("<P><A HREF=\"/%s/search.html\">\n", where);
        printf(" Search again</A>\n");
        printf("<A HREF=\"/%s/browse/browse.html\">\n", where);
        printf("Browse again. </A>\n");
        printf("<A HREF=\"/%s/welcome.html\">Return</A>\n", where);
        printf("to <B>intertain.com</B> home page.</P></BODY></HTML>\n");
    }




Here is what the code does: 

1. Assume that the user is not known and set the variable 
where to "store" and login to 0 (false). 

2. Look up the environment variable AUTH_TYPE to
determine if user authentication is in effect. The variable cl
will be set to NULL if there is no AUTH_TYPE environment
variable.

3. If there is an AUTH_TYPE environment variable, and
it has the value "Basic" then set the variable login to 1 (true).

4. If the user is known, look up the environment variable
REMOTE_USER and save the value of that environment
variable in the variable username. This step is not strictly
required for the invention to operate; however, in general the
name of the user will be required at some point and it is easy
to get it here.

5. If the user is known (the variable login is true), set the
variable where to the value "known".

6. Generate hyperlinks (URLs) that point either to
/store/search.html or to /known/search.html depending on the
value of the variable where.

7. In an identical way, generate hyperlinks to
/store/browse.html (or /known/browse.html) and to
/store/welcome.html (or /known/welcome.html).

CONCLUSIONS, RAMIFICATIONS, AND 
SCOPE 

The description above describes the operation of the
bookstore operating at http://intertain.com; however, the
modifications to use this invention at another bookstore or at
a network store selling things other than books are obvious
to one of even modest skill.

The description above describes the best mode contemplated
by the inventor; however, it is obvious that the above
invention can easily be adapted to other uses, such as an
on-line survey, marketing questionnaire or anyplace where
it is useful to overcome the stateless limitation of the http
protocol.

Although the description above contains many 
specificities, these should not be construed as limiting the 
scope of the invention but as merely providing illustrations 
of some of the presently preferred embodiments of this 
invention. Various other embodiments and ramifications are 
possible within its scope. 

Thus the scope of the invention should be determined by
the appended claims and their legal equivalents, rather than 
by the examples given. 






What is claimed is: 

1. A method for use in a server for either anonymous or 
pre-authorized users to order goods or services on the 
world-wide web computer network comprising: 

(a) displaying to a user a web page containing a hyper- 
link; 

(b) allowing said user to click on said hyper-link; 

(c) if the identity of said user is not known by said server 
then: 

(i) issuing an ACCESS DENIED code to said user's
browser;

(ii) receiving back from said user's browser a username 
and password; 

(iii) associating said username and password with a 
record in a database; 

(iv) displaying for said user a form with selected fields 
filled in with information from said record in said 
database; and 

(d) if the identity of said user is known by said server 
displaying for said user an order form with selected 
fields filled in with information from said record in said 
database and not asking said user for a username or a 
password. 

2. The method according to claim 1, where said ACCESS 
DENIED code has the value 401. 

3. A server computer accessed by a plurality of users for 
ordering goods and services from a store on the world wide 
web using the http protocol comprising: 

(a) a plurality of user profile records each containing a 
unique first username, a first password, a customer's 
name and a customer's address; 

(b) at least one of said plurality of users being a known 
user having established its identity with said server; 

(c) at least one of said plurality of users being an unknown 
user; 

(d) means for allowing one of said plurality of users to 
access said server and generating a hyper-link to a 
protected page if said user is unknown and generating 
a hyper-link to an unprotected page if said user is 
known; 

(e) means for allowing said unknown user to attempt to 
access said protected page using the http GET method; 

(f) means for returning an ACCESS DENIED code in
response to said attempt whereby said ACCESS
DENIED code causes said user's browser to ask said
user for a second username and a second password and
to transmit said second username and second password to
said server computer in the http authorization header;

(g) means for locating one of said user profile records 
such that said second username and said second pass- 
word match the first username and first password 
associated with said stored user profile; and 

(h) means for displaying a page showing said customer's 
name and said customer's address by using information 
stored in said stored user profile. 

4. The server of claim 3 where the ACCESS DENIED 
code has the value 401. 